个人建议使用安装更快，比helm快，还要等待安装crd

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.yaml

#官网
https://cert-manager.io/docs/installation/kubectl/

#创建自签的ClusterIssuer
cat >  signing-custom.yaml <<-EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:name: selfsigned-clusterissuer
spec:selfSigned: {}---
#生成证书
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:name: java-selfsigned-canamespace: cert-manager
spec:isCA: truecommonName: java-selfsigned-casecretName: java-selfsigned-secret # 生成的证书名duration: 360hprivateKey:algorithm: ECDSAsize: 256issuerRef:name: selfsigned-clusterissuer # 对应上面清单中创建的clusterissuer名称kind: ClusterIssuergroup: cert-manager.io
---
#生成以这个证书作为CA的ClusterIssuer，其他证书由这个CA签发
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:name: my-ca-issuer
spec:ca:secretName: java-selfsigned-secret # 对应以上Certificate资源证书名
EOF

查看你的证书

kubectl get clusterissuers,certificate
kubectl -n cert-manager get secret

手动签发ssl自签证书

cat > server-tls.yaml  <<-EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:name: java-com
spec:secretName: java-tlsduration: 12160h # 你想要的时间renewBefore: 3600h #subject:organizations:- jetstackcommonName: abc.exchangs.topisCA: falseprivateKey:algorithm: RSAencoding: PKCS1size: 2048usages:- server auth- client authdnsNames:- exchangs.top- abc.exchangs.topipAddresses:- 192.168.0.53issuerRef:name: my-ca-issuer # 指定上面创建好的用于签名的CAkind: ClusterIssuergroup: cert-manager.io
EOF

最后ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: springboot-server#annotations:#cert-manager.io/cluster-issuer: "letsencrypt-prod"spec:ingressClassName: nginxtls:- hosts:- abc.exchangs.top- bbc.exchangs.topsecretName: java-tlsrules:- host: abc.exchangs.tophttp:paths:- path: /pathType: Prefixbackend:service:name: springboot-serverport:number: 8080- host: bbc.exchangs.tophttp:paths:- path: /pathType: Prefixbackend:service:name: springboot-serverport:number: 8080

最后访问

curl -kivL -H 'Host: bbc.exchangs.top' 'https://192.168.0.53'